From: Manfred Spraul <manfred@colorfullife.com>
To: Vineet Gupta <Vineet.Gupta1@synopsys.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Davidlohr Bueso <dave.bueso@gmail.com>,
Sedat Dilek <sedat.dilek@gmail.com>,
Davidlohr Bueso <davidlohr.bueso@hp.com>,
linux-next <linux-next@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm <linux-mm@kvack.org>, Andi Kleen <andi@firstfloor.org>,
Rik van Riel <riel@redhat.com>,
Jonathan Gonzalez <jgonzalez@linets.cl>
Subject: Re: ipc-msg broken again on 3.11-rc7?
Date: Tue, 03 Sep 2013 12:16:54 +0200 [thread overview]
Message-ID: <5225B716.3090708@colorfullife.com> (raw)
In-Reply-To: <C2D7FE5348E1B147BCA15975FBA2307514168F@IN01WEMBXA.internal.synopsys.com>
[-- Attachment #1: Type: text/plain, Size: 569 bytes --]
Hi Vineet,
On 09/03/2013 11:51 AM, Vineet Gupta wrote:
> On 09/03/2013 02:53 PM, Manfred Spraul wrote:
>>
>> The access to msq->q_cbytes is not protected.
>>
>> Vineet, could you try to move the test for free space after ipc_lock?
>> I.e. the lock must not get dropped between testing for free space and
>> enqueueing the messages.
> Hmm, the code movement is not trivial. I broke even the simplest of cases (patch
> attached). This includes the additional change which Linus/Davidlohr had asked for.
The attached patch should work. Could you try it?
--
Manfred
[-- Attachment #2: patch-ipcmsg-wip --]
[-- Type: text/plain, Size: 1139 bytes --]
diff --git a/ipc/msg.c b/ipc/msg.c
index 9f29d9e..b65fdf1 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -680,16 +680,18 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
goto out_unlock1;
}
+ ipc_lock_object(&msq->q_perm);
+
for (;;) {
struct msg_sender s;
err = -EACCES;
if (ipcperms(ns, &msq->q_perm, S_IWUGO))
- goto out_unlock1;
+ goto out_unlock0;
err = security_msg_queue_msgsnd(msq, msg, msgflg);
if (err)
- goto out_unlock1;
+ goto out_unlock0;
if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
1 + msq->q_qnum <= msq->q_qbytes) {
@@ -699,10 +701,9 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
/* queue full, wait: */
if (msgflg & IPC_NOWAIT) {
err = -EAGAIN;
- goto out_unlock1;
+ goto out_unlock0;
}
- ipc_lock_object(&msq->q_perm);
ss_add(msq, &s);
if (!ipc_rcu_getref(msq)) {
@@ -730,10 +731,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
goto out_unlock0;
}
- ipc_unlock_object(&msq->q_perm);
}
-
- ipc_lock_object(&msq->q_perm);
msq->q_lspid = task_tgid_vnr(current);
msq->q_stime = get_seconds();
WARNING: multiple messages have this Message-ID (diff)
From: Manfred Spraul <manfred@colorfullife.com>
To: Vineet Gupta <Vineet.Gupta1@synopsys.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Davidlohr Bueso <dave.bueso@gmail.com>,
Sedat Dilek <sedat.dilek@gmail.com>,
Davidlohr Bueso <davidlohr.bueso@hp.com>,
linux-next <linux-next@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm <linux-mm@kvack.org>, Andi Kleen <andi@firstfloor.org>,
Rik van Riel <riel@redhat.com>,
Jonathan Gonzalez <jgonzalez@linets.cl>
Subject: Re: ipc-msg broken again on 3.11-rc7?
Date: Tue, 03 Sep 2013 12:16:54 +0200 [thread overview]
Message-ID: <5225B716.3090708@colorfullife.com> (raw)
In-Reply-To: <C2D7FE5348E1B147BCA15975FBA2307514168F@IN01WEMBXA.internal.synopsys.com>
[-- Attachment #1: Type: text/plain, Size: 569 bytes --]
Hi Vineet,
On 09/03/2013 11:51 AM, Vineet Gupta wrote:
> On 09/03/2013 02:53 PM, Manfred Spraul wrote:
>>
>> The access to msq->q_cbytes is not protected.
>>
>> Vineet, could you try to move the test for free space after ipc_lock?
>> I.e. the lock must not get dropped between testing for free space and
>> enqueueing the messages.
> Hmm, the code movement is not trivial. I broke even the simplest of cases (patch
> attached). This includes the additional change which Linus/Davidlohr had asked for.
The attached patch should work. Could you try it?
--
Manfred
[-- Attachment #2: patch-ipcmsg-wip --]
[-- Type: text/plain, Size: 1139 bytes --]
diff --git a/ipc/msg.c b/ipc/msg.c
index 9f29d9e..b65fdf1 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -680,16 +680,18 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
goto out_unlock1;
}
+ ipc_lock_object(&msq->q_perm);
+
for (;;) {
struct msg_sender s;
err = -EACCES;
if (ipcperms(ns, &msq->q_perm, S_IWUGO))
- goto out_unlock1;
+ goto out_unlock0;
err = security_msg_queue_msgsnd(msq, msg, msgflg);
if (err)
- goto out_unlock1;
+ goto out_unlock0;
if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
1 + msq->q_qnum <= msq->q_qbytes) {
@@ -699,10 +701,9 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
/* queue full, wait: */
if (msgflg & IPC_NOWAIT) {
err = -EAGAIN;
- goto out_unlock1;
+ goto out_unlock0;
}
- ipc_lock_object(&msq->q_perm);
ss_add(msq, &s);
if (!ipc_rcu_getref(msq)) {
@@ -730,10 +731,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
goto out_unlock0;
}
- ipc_unlock_object(&msq->q_perm);
}
-
- ipc_lock_object(&msq->q_perm);
msq->q_lspid = task_tgid_vnr(current);
msq->q_stime = get_seconds();
next prev parent reply other threads:[~2013-09-03 10:16 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-21 19:34 linux-next: Tree for Jun 21 [ BROKEN ipc/ipc-msg ] Sedat Dilek
2013-06-21 22:07 ` Davidlohr Bueso
2013-06-21 22:07 ` Davidlohr Bueso
2013-06-21 22:54 ` Sedat Dilek
2013-06-21 22:54 ` Sedat Dilek
2013-06-21 23:11 ` Davidlohr Bueso
2013-06-21 23:11 ` Davidlohr Bueso
2013-06-21 23:14 ` Sedat Dilek
2013-06-21 23:14 ` Sedat Dilek
2013-06-21 23:15 ` Sedat Dilek
2013-06-21 23:15 ` Sedat Dilek
2013-06-25 16:10 ` Sedat Dilek
2013-06-25 20:33 ` Davidlohr Bueso
2013-06-25 20:33 ` Davidlohr Bueso
2013-06-25 21:41 ` Sedat Dilek
2013-06-25 23:29 ` Davidlohr Bueso
2013-06-25 23:29 ` Davidlohr Bueso
2013-08-28 11:58 ` ipc-msg broken again on 3.11-rc7? (was Re: linux-next: Tree for Jun 21 [ BROKEN ipc/ipc-msg ]) Vineet Gupta
2013-08-28 11:58 ` Vineet Gupta
2013-08-29 3:04 ` Sedat Dilek
2013-08-29 3:04 ` Sedat Dilek
2013-08-29 7:21 ` Vineet Gupta
2013-08-29 7:21 ` Vineet Gupta
2013-08-29 7:52 ` Sedat Dilek
2013-08-29 7:52 ` Sedat Dilek
2013-08-30 8:19 ` Vineet Gupta
2013-08-30 8:19 ` Vineet Gupta
2013-08-30 8:27 ` Sedat Dilek
2013-08-30 8:46 ` ipc-msg broken again on 3.11-rc7? Vineet Gupta
2013-08-30 8:46 ` Vineet Gupta
[not found] ` <CALE5RAvaa4bb-9xAnBe07Yp2n+Nn4uGEgqpLrKMuOE8hhZv00Q@mail.gmail.com>
2013-08-30 16:31 ` Davidlohr Bueso
2013-08-30 16:31 ` Davidlohr Bueso
2013-08-31 17:50 ` Linus Torvalds
2013-09-02 4:58 ` Vineet Gupta
2013-09-02 16:29 ` Manfred Spraul
2013-09-02 16:29 ` Manfred Spraul
2013-09-02 16:29 ` Manfred Spraul
2013-09-03 7:16 ` Sedat Dilek
2013-09-03 7:16 ` Sedat Dilek
2013-09-03 7:34 ` Vineet Gupta
2013-09-03 7:34 ` Vineet Gupta
2013-09-03 7:49 ` Manfred Spraul
2013-09-03 7:49 ` Manfred Spraul
2013-09-03 8:43 ` Sedat Dilek
2013-09-03 8:43 ` Sedat Dilek
2013-09-03 8:44 ` Vineet Gupta
2013-09-03 8:44 ` Vineet Gupta
2013-09-03 8:57 ` Manfred Spraul
2013-09-03 8:57 ` Manfred Spraul
2013-09-03 8:57 ` Manfred Spraul
2013-09-03 9:16 ` Vineet Gupta
2013-09-03 9:16 ` Vineet Gupta
2013-09-03 9:23 ` Manfred Spraul
2013-09-03 9:23 ` Manfred Spraul
2013-09-03 9:23 ` Manfred Spraul
2013-09-03 9:51 ` Vineet Gupta
2013-09-03 10:16 ` Manfred Spraul [this message]
2013-09-03 10:16 ` Manfred Spraul
2013-09-03 10:32 ` ipc msg now works (was Re: ipc-msg broken again on 3.11-rc7?) Vineet Gupta
2013-09-03 10:32 ` Vineet Gupta
2013-09-03 22:46 ` Sedat Dilek
2013-09-03 22:46 ` Sedat Dilek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5225B716.3090708@colorfullife.com \
--to=manfred@colorfullife.com \
--cc=Vineet.Gupta1@synopsys.com \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=dave.bueso@gmail.com \
--cc=davidlohr.bueso@hp.com \
--cc=jgonzalez@linets.cl \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-next@vger.kernel.org \
--cc=riel@redhat.com \
--cc=sedat.dilek@gmail.com \
--cc=sfr@canb.auug.org.au \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.